Slashdot Mirror


WinXP SP2 Sacrifices Compatibility for Security

goldragon writes "TechRepublic is reporting that "Microsoft is pulling out all the stops to improve security. So much so, in fact, that it will cause many problems because SP2 will de-emphasize backward compatibility with legacy systems and code for the sake of security." One small step forward for Microsoft, one giant leap backwards for mankind?"

19 of 773 comments

  1. Surprise Surprise by Ghost-in-the-shell · · Score: 3, Interesting


    Finally M$ catches on to what Telephony vendors and various other technology developers have been doing for years.

    Had they started with a secure product, then being backwards compatible would not be that much of a problem. Hopefully the M$ code monkeys will not make more problems than they fix.

    --
    -Ghost
  2. Sacrifice? Windows Users are used to it by Gunfighter · · Score: 5, Interesting

    Aren't all Windows users already sacrificing security for compatibility just by using Windows? Perhaps this is just meant to level the playing field.

    I'm sure Microsoft will be releasing an update full of application compatibility fixes shortly after the SP2 release. Even in vanilla XP, you can run applications in Win95/98 compatibility mode. I don't see any reason to change it now.

    --
    -- Stu

    /. ID under 2,000. I feel old now.
  3. Seems deceptive by stanmann · · Score: 5, Interesting

    The article indicates that most of the things being broken will be viruses and trojans.

    And that the only other major change will be to finally honor the NX (Non-executable) memory designation; IOW, if you want self-modifying code, you can still have it, but you can't place a call to an area that has been marked as Data-only or NX.

    Seems to be all good to me...

    --
    Food not Bombs is a nice platitude but it breaks down when you notice that the Bombees are usually well fed
  4. Compatibility is Overrated. by PhxBlue · · Score: 5, Interesting

    It was overrated when Apple told its users, "deal with it." And it's overrated now. If you want backwards compatibility, use a Win2k emulator.

    --
    !#@%*)anks for hanging up the phone, dear.
  5. backward? by Feyr · · Score: 4, Interesting

    this is a giant step FORWARD. if it can keep my network from being bombarded by all those damned windows viruses it's GOOD no matter what. and i don't even use windows.

    i'd say this is the brightest idea microsoft had in the last decade (if they deliver that is)

  6. Interesting/Important blurb by GillBates0 · · Score: 3, Interesting

    at the bottom of the second page. Not sure how many people will RTFA till there, so here it is:

    There's one item to highlight this week. Silicon.com and other sources are reporting that Apple's recent patch to fix a major threat in Mac OS X wasn't completely successful, and that a highly dangerous problem still exists in the operating system. The threat is especially noteworthy because it is the first important vulnerability discovered in the Mac OS X operating system that was not due to a flaw in the underlying FreeBSD UNIX on which Apple based OS X. This problem lies in the part of the code created by Apple, and it appears that it is quite difficult to repair. This is the first real challenge to Apple, and it will be interesting to see how the company responds to this critical threat. Previous patches were simply carried over from the Linux/UNIX community. Apple is on its own this time.

    --
    An Indian-American Hindu committed to non-violent thought/speech/action alarmed by the global explosion of radical Islam
  7. Progman by mobets · · Score: 4, Interesting

    Does that mean they will finally ditch program manager? I really hope there isn't anyone still using programs for win 3.1 that still require that. And if so, why are they running it on XP anyway...

    Don't believe me, or just feeling nostalgic for windows 3.1, go to run, or a command prompt and execute progman.

    --

    It was me, I did it, I moved your cheese
  8. So what? by Supp0rtLinux · · Score: 3, Interesting

    The majority of XP users aren't using that many old apps anyway... the average XP user is just using XP, Office 2000+, IE6, and MSN. And the majority of 3rd party apps such as those from Adobe, Macromedia, etc. will get free updates to be compatible. It's not such a big deal for the average user. I've often felt that M$ would be well served to release a new OS based on an entirely new codebase... get a group of developers that have never seen Windows source code, only the GUI and let them rewrite it without backwards. Then get the major vendors to release compatible versions of their software. Sure... things will lag for a bit, but Windows will get better and the app support will follow. Windows is still based on an almost 15 year old code base. It's time to rewrite it from the ground up. Screw the backwards compatibility. Move on.

    1. Re:So what? by Sique · · Score: 3, Interesting

      You are just lighting the one side of the medal.

      There is as always another side: There are real faults in the system, which can't be fixed, because the fix is equivalent to breaking an application, which was working around the fault in a murky way. There were design mistakes you can't fix, because there are applications which expect exactly this misdesigned behaviour. There were books out there talking about some "hidden features", which were never to be exposed to the developers, but the developers found out and some started coding with those "hidden features". Now you can't remove them anymore, even though they made only sense for a special environment present at the moment of their design, and they should have been hidden forever behind the official API.

      There is only one way to get out of this mess: Start anew. Screw those people who were trying to be clever. Define a stable subset of used API routines you know are quite bug free, useful and abstract enough to live along some architectural changes. Tell everyone that outside this API nothing is supported. It may be time for Windows developers to learn how to write portable code.

      The world of the 8086 based PC as defined by IBM and evolved from there was always about being "more or less compatible". I remember the articles in the computer mags of the mid-80s being full of compatibility tests for the IBM clones and awarding points for supporting even obscure utilities and games.

      It was always a balance between keeping to the official interfaces and produce slow, kludgy software, which was assured to run on the next generation of PCs too, and to use nonofficial but common features, which made the life easier, saved on processor cycles, allowed for elegant code, but broke with a slight change in the underlying architecture. Most programmers were even able to write kludgy, slow applications by using nonofficial features, and maybe it's time to have a more Darwinian rule around: Adapt or die. The environment is changing.

      I know there are lots of people out there, who have invested huge sums of money or time or sweat in software, that is now about to break with the installation of SP2. I know that those people will be pissed off. But they can run their legacy application on their current system, and they are not forced to change it. They just have to make sure it has a well-defined and controlled interface to the world out there, maybe transferring data only via CD-ROM or having the access to the systems heavily guarded by firewalls or whatever. It's basically the same that happens to the old database applications running on old S/370 somewhere.

      But there are more people pissed off by the abundant security lapses, by strange and illogical designs in the API, and by the loss of money if something breaks because of the faults. So who do you want to please? The people with the legacy applications, who can't or won't upgrade, or the people dealing everyday with the problems arising from old legacy bugs and holes, which can't be fixed?

      --
      .sig: Sique *sigh*
  9. Re:Might this encourage by Ignignot · · Score: 3, Interesting

    But then again, who knows, it might "accidentally" break Office 97 so people think they need to upgrade to Office 2003.

    Exactly. Microsoft's big problem is that their users stop upgrading and stop paying them money for each new operating system. If they can make the old ones less usable _now_ instead of when they are shipped then they don't have to innovate at all to get people to upgrade. They've pulled this kind of stunt before, and they will again.

    --
    I submitted this story last night, and it didn't get posted.
  10. Re:Compatibility Woes? by Methuseus · · Score: 3, Interesting

    Yes, except be something that MS includes FOR FREE with their operating system to make people happy. And not charge extra for this capability either. That would up MS's reputation in my eye, however small of a jump that would be. This wouldn't make me want to use MS's products any more than I do now, though it would make a few things easier for people like my parents.

    --
    Two things are infinite: the universe and human stupidity, though I'm not yet sure about the universe. - A Einstein
  11. Re:Just introduces more dangerous issues by nebaz · · Score: 3, Interesting

    Well then the area in memory where your virus is will be changed to NX and it won't be able to run.

    --
    Rhymes that keep their secrets will unfold behind the clouds. There upon the rainbow is the answer to a neverending story
  12. Re:Compatibility Woes? by WIAKywbfatw · · Score: 4, Interesting

    Let's say that you have incompatibility problems with some of your common office applications and the Microsoft solution to this situation is to upgrade your applications.

    Now, would you be happy that to get a secure computing platform you have to spend hundreds of dollars/whatever per seat upgrading to the latest version of your commonly used apps? To get a properly working version of Windows XP should you be forced to abandon those applications that work for you?

    Microsoft has used incompatibility problems to its own advantage time and time again. Indeed, breaking the compatibility of competitors' applications was one of the company's standard operating procedures for many years. WordPerfect, Lotus 1-2-3, DR-DOS, etc. all were victims at one time or another. There was even a little saying that went round Microsoft during the time that one major version of DOS was being developed: "DOS isn't done until Lotus won't run".

    When you look at this new story in that context it's hard not to be suspicious of Microsoft's motives and difficult to give them the benefit of the doubt.

    --

    "Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
  13. Re:Might this encourage by DrEldarion · · Score: 3, Interesting

    Possibly, but it takes a lot of responsibility off of MS's shoulders.

    "Hey, don't blame us for your security problems. We fixed them in SP2. What? Well it's not OUR fault you're running outdated software..."

  14. Re:Funny how that works by bmwm3nut · · Score: 3, Interesting

    You can still to this day run Win16 apps under windows and still print and save, as if it were no big deal. That's just not possible with Linux. Try downloading or running a binary from 1994 that was compiled for linux and see if it works, I'm sure libc and glibc and aout and elf will make things fun.

    that's a fair statement, but you also need to think that the majority of programs for windows are not open source. chances are i would still have (or could get) the source for that 1994 linux binary and compile it on my newest bleeding edge linux box and it should compile (of course after i go through dependency hell to get all the extra libraries it needs). for the most part, i should (with some work) be able to get all the source i need to build and run the old linux binary. however, i'd bet that the old win16 app was closed source and the company probably doesn't even exist anymore. with stuff like that backwards compatibility is much more important, because you have no other way to run the code.

  15. Re:Pah. by MoonBuggy · · Score: 5, Interesting

    Spam zombie/pwned newbie machines will be running dog slow. The owners of said machines will either pay a techie to "fix AOL for them" at which point the techie removes viruses and spyware and installs the latest Windows updates (i.e. SP2) or the machines will simply be considered 'broken' by the owners (you'd be surprised how many people think they need to upgrade their hardware because they broke the software by installing crap) at which point Dell/PC World/Emachines will ship them a shiny new box complete with a patched up version of SP2. It might take a year or two, but assuming SP2 is as secure as MS is making out its proliferation will be very good for the internet at large.

  16. Re:Hotmail? by Cereal+Box · · Score: 3, Interesting

    You have absolutely no evidence to support your claim that SP2 is causing your machine to access hotmail.com. In fact, it was probably a virus your machine got earlier that is making it act as an email relay. You're just aware of it now.

  17. Good Stuff by geomon · · Score: 3, Interesting

    Microsoft should be applauded for taking such a bold step. This is definitely the right move from a company who has always put usability at the top of the list for their programmers.

    But I think that it will only be implemented by corporate users and tech-savvy Windows users. I see a new generation of TweakUI-like applications on the horizon that will allow inexperienced users to defeat the controls that MS is building into this service pack.

    Consider what will happen when someone wants to install an application that is not set up to override the port restrictions that are default in this SP. I can see a whole bunch of folks googling for hack-packs that will disable all of the port protection so that the app will run.

    Keep in mind that not all software vendors are responsible corporations who have an image to protect. The smaller niche vendors may worry about their reputation, but they are more interested in making their product work despite what MS has done to the OS to provide better security.

    As has been pointed out several times on /., security is only as good as the vigilance of the system administrator. If users don't patch because it makes their machine 'hard' to operate, they will definitely look for applications that will defeat security systems.

    No offense intended, but when you make an OS so simple that a five-year-old can operate it, you should expect five-year-old reasoning from the system administrator.

    --
    "Rocky Rococo, at your cervix!"
  18. Re:Damned if you do, damned if you don't by red+floyd · · Score: 3, Interesting

    It will break a lot of Broderbund programs. And about time.

    The Sims, and Mavis Beacon Teaches Typing require Admin. There is NO F*CKING REASON that either of these should require it, except for sloppy/lazy coding on Broderbund's part (I suspect that they either write to HKLM or to the program directory). Maybe that would cause them to be fixed.

    OT: I've read somewhere that MS is (finally!) discouraging putting all user settings into the Registry, but is recommending config files (human readability optional) in C:\Documents and Settings\\Application Data. Once again, it's about time.

    --
    The only reason we have the rights we have is that people just like us died to gain those rights. -- Cheerio Boy